VPN through two firewalls.
Bookmark this page:
 Yahoo!
 Google
 Windows Live
 del.icio.us
 digg
 Netscape
|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Posted by Kissingfish on July 11, 2006, 11:42 pm
Please log in for more thread options I'm trying to set up a VPN connection through two firewalls. My network is as follows: | Internet | - |firewall| - | DMZ | - | firewall | - | lan | Obviously I can go from the lan through the firewall, to the DMZ and through the firewall to the internet.. But you can't go from the DMZ onto the lan.. Or from the internet to the lan.. I want to know if there's a way I could VPN to the lan so I can use remotedesktop or VNC to access my computer.. My DMZ has a 192.168.1.x IP range, whilst my LAN has a 192.168.168.x range. If I VPN to my first firewall, I won't be able to access anything on the lan, and if I VPN to the second, well.. I can't get past the first one.. Anyone ever done something like this before? | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Posted by Simon on July 12, 2006, 2:25 am
Please log in for more thread options firewall so that you can then vpn to the second one ? simon | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Posted by Kissingfish on July 12, 2006, 3:04 am
Please log in for more thread options
Simon wrote: > Kissingfish wrote:
> > Hi all..
> > I'm trying to set up a VPN connection through two firewalls. > > My network is as follows: > > > > > > | Internet | - |firewall| - | DMZ | - | firewall | - | lan | > > > > Obviously I can go from the lan through the firewall, to the DMZ and > > through the firewall to the internet.. But you can't go from the DMZ > > onto the lan.. Or from the internet to the lan.. > > > > I want to know if there's a way I could VPN to the lan so I can use > > remotedesktop or VNC to access my computer.. > > > > My DMZ has a 192.168.1.x IP range, whilst my LAN has a 192.168.168.x > > range. > > > > If I VPN to my first firewall, I won't be able to access anything on > > the lan, and if I VPN to the second, well.. I can't get past the first > > one.. > > > > Anyone ever done something like this before? > > > Why not open up the inbound ports for vpn protocols on the outer
> firewall so that you can then vpn to the second one ? > simon Wouldn't that give the DMZ access to my LAN? | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Posted by Simon on July 12, 2006, 6:24 am
Please log in for more thread options Kissingfish wrote:
> Simon wrote:
>> Kissingfish wrote:
>>> Hi all..
>>> I'm trying to set up a VPN connection through two firewalls. >>> My network is as follows: >>> >>> >>> | Internet | - |firewall| - | DMZ | - | firewall | - | lan | >>> >>> Obviously I can go from the lan through the firewall, to the DMZ and >>> through the firewall to the internet.. But you can't go from the DMZ >>> onto the lan.. Or from the internet to the lan.. >>> >>> I want to know if there's a way I could VPN to the lan so I can use >>> remotedesktop or VNC to access my computer.. >>> >>> My DMZ has a 192.168.1.x IP range, whilst my LAN has a 192.168.168.x >>> range. >>> >>> If I VPN to my first firewall, I won't be able to access anything on >>> the lan, and if I VPN to the second, well.. I can't get past the first >>> one.. >>> >>> Anyone ever done something like this before? >>> >> Why not open up the inbound ports for vpn protocols on the outer
>> firewall so that you can then vpn to the second one ? >> simon >
Depends where you are going to terminate the vpn connection. If the
> > Wouldn't that give the DMZ access to my LAN? > internal firewall can do this then it shouldn't as access from the dmz to lan will only be available for authenticated users. If you wanted to VPN direct into your PC (XP pro supports one inbound VPN connection) then you would need to open the VPN ports inbound on your internal router as well. It would give the DMZ and internet access to the internal machine but only on vpn the VPN ports not full access. | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Posted by Stephen J. Bevan on July 12, 2006, 10:28 am
Please log in for more thread options > I'm trying to set up a VPN connection through two firewalls.
> My network is as follows: > > > | Internet | - |firewall| - | DMZ | - | firewall | - | lan | > > Obviously I can go from the lan through the firewall, to the DMZ and > through the firewall to the internet.. But you can't go from the DMZ > onto the lan.. Or from the internet to the lan.. > > I want to know if there's a way I could VPN to the lan so I can use > remotedesktop or VNC to access my computer.. > > My DMZ has a 192.168.1.x IP range, whilst my LAN has a 192.168.168.x > range. > > If I VPN to my first firewall, I won't be able to access anything on > the lan, and if I VPN to the second, well.. I can't get past the first > one.. > > Anyone ever done something like this before? If both firewalls support IPsec then you could do double tunnelling. The outer firewall is configured to protect the DMZ subnet and the inner firewall is set to protect the lan. Thus to connect to the lan you create an IPsec connection to the outer firewall through which you create an IPsec connection to the inner firewall and hence the lan. If that all sounds like too much work try running Hamachi <http://www.hamachi.cc> on any PCs on the LAN you want to talk to and
on your PC on the internet.
| ||||||||||||||||||||||||||||||||||||||||||||||||||||
| Similar Threads | Posted |
| VPN through two firewalls. | July 11, 2006, 11:42 pm |
| IPSec between different firewalls - help/advice | July 14, 2005, 11:31 pm |
> I'm trying to set up a VPN connection through two firewalls.
> My network is as follows:
>
>
> | Internet | - |firewall| - | DMZ | - | firewall | - | lan |
>
> Obviously I can go from the lan through the firewall, to the DMZ and
> through the firewall to the internet.. But you can't go from the DMZ
> onto the lan.. Or from the internet to the lan..
>
> I want to know if there's a way I could VPN to the lan so I can use
> remotedesktop or VNC to access my computer..
>
> My DMZ has a 192.168.1.x IP range, whilst my LAN has a 192.168.168.x
> range.
>
> If I VPN to my first firewall, I won't be able to access anything on
> the lan, and if I VPN to the second, well.. I can't get past the first
> one..
>
> Anyone ever done something like this before?
>